How to Delete Registry Keys That Cannot Be Deleted
#1
aamfs94
Posted 04 March 2016 - 08:08 AM
There is a registry key that Symantec created. After I uninstalled it, it didn't go away. It is in the HKLM/SOFTWARE/WOWNODE folder. There are some other numbers in the name of the wownode folder but I can't remember them now.
Here's what I've tried so far.
Basic deletion - "cannot delete"
Giving myself full administrative permissions - "cannot delete"
Running in safe mode - "cannot delete"
Using the regdelnull utility in case it was a null key - did not find any null keys
The most powerful thing I've tried so far was to turn off my computer and boot from a Windows repair disk, which allowed me to access the BIOS command line, and load the registry hive from my main Windows partition. Even editing the registry offline in this way still produces the same error. I don't even understand how this is possible?
What could possibly allow the key to avoid deletion and how can I fix it? I'm so frustrated by this, so any help would be immensely appreciated!
Thanks.
#2 Aura
- Malware Response Team
Posted 04 March 2016 - 08:24 AM
Hi aamfs94
Are you able to give me the exact name of that Registry key?
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
#3 aamfs94
Posted 04 March 2016 - 09:31 AM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\
#4 Aura
Posted 04 March 2016 - 09:36 AM
What Symantec product did you uninstall? If possible, I would like the full name of it.
#5 aamfs94
Posted 04 March 2016 - 09:56 AM
It's Symantec Endpoint Protection. Not sure what version, probably the latest. Thank you so much!!!
#6 Aura
Posted 04 March 2016 - 10:00 AM
Your best option here would be to download the CleanWipe utility for Symantec Endpoint Protection.
https://support.symantec.com/en_US/article.TECH184988.html#WhenConventionalMethodsFail
https://support.symantec.com/en_US/article.HOWTO74877.html
This will remove everything related to SEP on your system.
#7 aamfs94
Posted 04 March 2016 - 10:03 AM
I think I did try that and it didn't remove the keys. Why can't I do it manually though? It's my computer, not Symantec's, why can't I gain full control of it?
#8 Aura
Posted 04 March 2016 - 10:15 AM
What method did you try so far? Did you try to delete it via command prompt launched with Admin Rights, or a .reg file?
Also, I understand your point, however, if security software could be deleted that easily, malware and viruses would have way too much freedom once they infect a system, and nothing would be able to contain them.
#9 aamfs94
Posted 04 March 2016 - 10:24 AM
I launched command prompt with admin rights. I haven't tried deleting it with a .reg file, what does that entail? Would that be more powerful than trying to delete it from a bootable repair utility? I didn't think there could be a more powerful method than that considering the registry is offline then.
#10 Aura
Posted 04 March 2016 - 10:49 AM
I don't think it's more powerful, but it's worth a try. Create a new text file on your desktop, but change the extension to .reg (instead of .txt). Right-click on that new file, and copy/paste the following inside.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec]
Save the file, then double-click on it and accept to merge the changes in the Registry. You'll get either a success or failure message. If you get a success message, go check in the Registry if the key is indeed gone.
#11 aamfs94
Posted 06 March 2016 - 01:13 PM
I still get the exact same error. Here is the full name for the key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
Here's another clue. When I click on "CurrentVersion" I get a special error message that I've attached below. Does this help in any way figure out what's going on?
Attached Files
- error.png 5.02KB 0 downloads
#12 JohnC_21
Posted 06 March 2016 - 01:19 PM
I don't think deleting the key would improve your performance but that being said you can probably delete it offline using a bootable disk.
Kaspersky's Rescue Disk has a registry editor. Burn the iso to disk and use the Registry Editor to delete the key.
#13 Aura
Posted 06 March 2016 - 01:19 PM
It looks more like a corrupt Registry key than a permission issue if you ask me. Any reason as to why you want to delete the Symantec key? If you uninstalled SEP, a single key won't cause you any issues.
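A read-only way to tell apart the two causes raised in this thread (permissions versus a damaged key), as an added example that is not part of any poster's reply. It assumes an elevated 64-bit PowerShell session and uses the key path quoted in post #11; the function name Test-RegistryKeyAccess is hypothetical.

```powershell
# Added example, not from the thread. Read-only: it changes nothing in the registry.
# Assumptions: elevated 64-bit PowerShell; key path as quoted in post #11.
$subKey = 'SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion'

function Test-RegistryKeyAccess {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$SubKey)

    $r = [ordered]@{ Key = "HKLM\$SubKey"; Exists = $null; CanWrite = $false
                     Owner = $null; Rules = @(); Failure = $null }
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    try {
        # Read-only open: $null means the key is absent from this registry view.
        $ro = $hklm.OpenSubKey($SubKey, $false)
        $r.Exists = ($null -ne $ro)
        if ($ro) { $ro.Close() }

        # Writable open asks for KEY_WRITE; deleting also needs DELETE on the key
        # and on every subkey, so success here is necessary but not sufficient.
        $rw = $hklm.OpenSubKey($SubKey, $true)
        if ($rw) { $r.CanWrite = $true; $rw.Close() }
    } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        $r.Failure = "Permission: $($_.Exception.GetBaseException().Message)"
    } catch {
        # Anything else (for example an I/O error) points away from ACLs.
        $r.Failure = "Non-permission: $($_.Exception.GetBaseException().GetType().FullName)"
    }
    try {
        # Owner and access rules, read through the registry provider.
        $acl = Get-Acl -Path "Registry::HKEY_LOCAL_MACHINE\$SubKey" -ErrorAction Stop
        $r.Owner = $acl.Owner
        $r.Rules = @($acl.Access | ForEach-Object {
            '{0}: {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.RegistryRights })
    } catch {
        if (-not $r.Failure) { $r.Failure = "ACL unreadable: $($_.Exception.Message)" }
    }
    [pscustomobject]$r
}

Test-RegistryKeyAccess -SubKey $subKey | Format-List
```

A "Permission" failure alongside a readable owner and rule list points to ownership or ACLs; a "Non-permission" failure or an unreadable ACL is consistent with the corrupt-key reading in post #13.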
#14 aamfs94
Posted 06 March 2016 - 01:25 PM
> I don't think deleting the key would improve your performance but that being said you can probably delete it offline using a bootable disk.
> Kaspersky's Rescue Disk has a registry editor. Burn the iso to disk and use the Registry Editor to delete the key.
I already used a bootable disk and the file wouldn't delete.
I FOUND A SOLUTION! For anyone with a similar problem this seems to be the only thing that could work:
http://answers.microsoft.com/en-us/windows/forum/all/unable-to-delete-registry-key-that-is-causing/a81adda2-8e17-4cb1-94ee-56ab095ab2a6?auth=1
Source: https://www.bleepingcomputer.com/forums/t/607083/cannot-delete-persistent-registry-key-please-help/